kas
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting kaspage 1 of 1
- CVE-2026-47191LOWCVSS 0.0EG 0.0✓ Fixed in 5.32026-06-01
vulnerable: 0.11.0 ... 5.2 (51 versions)
kas checks out SHA-like git branches as valid commits ### Impact When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas c…
- CVE-2026-47192LOWCVSS 0.0EG 0.0✓ Fixed in 5.32026-06-04
vulnerable: 4.8 ... 5.2 (6 versions)
kas's late signature validation may allow unnoticed repository manipulations ### Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allo…
Check whether kas is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for kas CVEs against the assets you own.
Start Free Scan →